Description
A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add".
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)
WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)
MediaWiki Incorrect Authorization Vulnerability (CVE-2020-26121)
Joomla! Core Cross-Site Scripting (2.5.0 - 3.9.24)
WordPress Plugin FormCraft-Contact Form Builder SQL Injection (1.0.5)